Regular rotation of passwords, keys and privileged credentials is a critical best practice that greatly reduces an organization’s risk of falling victim to cyberattacks. By limiting the lifespan of a password, organizations can reduce the amount of time during which a compromised password may be valid.
Password, key and credential rotation – a feature of Privileged Access Management (PAM) – enables organizations to reset privileged credentials on an automated schedule. However, traditional PAM tools are complex, expensive, difficult to deploy and difficult to use – and do not monitor and protect every user on every device from every location.
Keeper’s new password rotation feature enables organizations to easily update users’ privileged credentials on an automated schedule through an easy-to-use centralized PAM platform.
Keeper Security and TrendCandy Research surveyed 400+ IT and security professionals to determine the common challenges companies face with their current Privileged Access Management (PAM) tools. Not only are significant components of traditional PAM solutions not being used, but many respondents admit to never fully deploying the solutions they paid for. Key findings:
87% of respondents said they would prefer a simplified version of PAM that is easy to deploy and easy to use.
68% of respondents said their current PAM solution has several features they don’t need.
84% said they want to streamline their PAM solution in 2023.
KeeperPAM is Revolutionizing Privileged Access Management (PAM)
No need to open any external ports; the solution uses SSL to communicate with Keeper
No command line tools or scripting needed
On-demand and automated rotation with a flexible schedule
Rotate on-premises and cloud credentials/records
Flexible post-rotation actions
Keeper Security’s next-gen Privileged Access Management (PAM) platform – KeeperPAM – delivers enterprise-grade password, secrets and connection management in one unified solution. With Keeper’s password rotation feature, KeeperPAM enables organizations to automate the changing/resetting of system credentials like Active Directory (AD) user accounts, SSH keys, database passwords, AWS IAM accounts, Azure IAM accounts, Windows/Mac/Linux user accounts and more.
Credential-based attacks represent 82% of all data breaches (according to the 2022 Verizon Data Breach Investigations Report). By limiting the lifespan of a password, organizations can reduce the time that a compromised password may be valid.
Unlike traditional PAM solutions, the password rotation configuration in KeeperPAM is managed through the vault and admin console with a lightweight component on-premises to perform the rotation. KeeperPAM supports Keeper’s zero-knowledge, zero-trust architecture, which always encrypts and decrypts data at the local device level. Keeper never has access to the data in a user’s vault.
Password rotation through KeeperPAM is available on the Keeper Desktop App and Web Vault.
Password Rotation Features
Automatically rotate credentials for machines, service accounts and user accounts across your infrastructure
Schedule rotations to occur at any time or on demand
Perform post-rotation actions such as restarting services, or running other applications as needed
Create compliance reporting on shared privileged accounts
How KeeperPAM Password Rotation Works
Establish a Gateway
Keeper password rotation uses a lightweight and secure on-premises gateway service, which can be installed with a single command. The gateway creates an outbound connection to Keeper’s cloud security vault, establishing a secure tunnel for retrieving rotation requests.
The gateway then utilizes Keeper Secrets Manager (KSM) APIs to request and decrypt secrets for performing rotation and communicating with the target devices. Keeper’s password rotation ensures zero-knowledge security by performing all decryption locally on the gateway service.
Vault Configuration
Rotation is configured and managed entirely through the Keeper Web Vault or Desktop Application. Secrets, rotation schedules and network settings are all stored as encrypted records in Keeper’s cloud vault.
Rotation is easy to deploy and manage within a team. You can easily share access to records and manage which secrets are visible to the gateway using Keeper’s Shared Folders.
Craig Lurey is the CTO and Co-Founder of Keeper Security. Craig leads Keeper’s software development and technology infrastructure team. Craig and Darren have been active business partners in a series of successful ventures for over 20 years. Prior to building Keeper, Craig served at Motorola as a software engineer creating firmware for cellular base station infrastructure and founded Apollo Solutions, an online software platform for the computer reseller industry which was acquired by CNET Networks. Craig holds a bachelor’s degree in Electrical Engineering from Iowa State University.